From 7199e4c20992bc60bf1da30ea05d200fea73c7ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= Date: Tue, 23 Sep 2025 11:28:05 +0200 Subject: [PATCH 1/3] Fully qualify the `\extention_loaded('sodium')` check This allows OPcache to elide the condition at compile-time if it knows that ext/sodium is or is not available. --- src/Base64.php | 6 +++--- src/Hex.php | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/Base64.php b/src/Base64.php index cac557f..58bc7fa 100644 --- a/src/Base64.php +++ b/src/Base64.php @@ -53,7 +53,7 @@ public static function encode( #[\SensitiveParameter] string $binString ): string { - if (extension_loaded('sodium')) { + if (\extension_loaded('sodium')) { $variant = match(static::class) { Base64::class => SODIUM_BASE64_VARIANT_ORIGINAL, Base64UrlSafe::class => SODIUM_BASE64_VARIANT_URLSAFE, @@ -85,7 +85,7 @@ public static function encodeUnpadded( #[\SensitiveParameter] string $src ): string { - if (extension_loaded('sodium')) { + if (\extension_loaded('sodium')) { $variant = match(static::class) { Base64::class => SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING, Base64UrlSafe::class => SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING, @@ -199,7 +199,7 @@ public static function decode( 'Incorrect padding' ); } - if (extension_loaded('sodium')) { + if (\extension_loaded('sodium')) { $variant = match(static::class) { Base64::class => SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING, Base64UrlSafe::class => SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING, diff --git a/src/Hex.php b/src/Hex.php index d4d5259..4fa52ed 100644 --- a/src/Hex.php +++ b/src/Hex.php @@ -48,7 +48,7 @@ public static function encode( #[\SensitiveParameter] string $binString ): string { - if (extension_loaded('sodium')) { + if (\extension_loaded('sodium')) { try { return sodium_bin2hex($binString); } catch (SodiumException $ex) { @@ -117,7 +117,7 @@ public static function decode( string $encodedString, bool $strictPadding = false ): string { - if (extension_loaded('sodium') && $strictPadding) { + if (\extension_loaded('sodium') && $strictPadding) { try { return sodium_hex2bin($encodedString); } catch (SodiumException $ex) { From e2f2b23cd4b7c57e73388c396eafbfc167147a64 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= Date: Tue, 23 Sep 2025 11:30:21 +0200 Subject: [PATCH 2/3] Fully qualify the `SODIUM_*` constants Similarly this allows OPcache to inline the constants. --- src/Base64.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/Base64.php b/src/Base64.php index 58bc7fa..aed5b87 100644 --- a/src/Base64.php +++ b/src/Base64.php @@ -55,8 +55,8 @@ public static function encode( ): string { if (\extension_loaded('sodium')) { $variant = match(static::class) { - Base64::class => SODIUM_BASE64_VARIANT_ORIGINAL, - Base64UrlSafe::class => SODIUM_BASE64_VARIANT_URLSAFE, + Base64::class => \SODIUM_BASE64_VARIANT_ORIGINAL, + Base64UrlSafe::class => \SODIUM_BASE64_VARIANT_URLSAFE, default => 0, }; if ($variant > 0) { @@ -87,8 +87,8 @@ public static function encodeUnpadded( ): string { if (\extension_loaded('sodium')) { $variant = match(static::class) { - Base64::class => SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING, - Base64UrlSafe::class => SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING, + Base64::class => \SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING, + Base64UrlSafe::class => \SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING, default => 0, }; if ($variant > 0) { @@ -201,8 +201,8 @@ public static function decode( } if (\extension_loaded('sodium')) { $variant = match(static::class) { - Base64::class => SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING, - Base64UrlSafe::class => SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING, + Base64::class => \SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING, + Base64UrlSafe::class => \SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING, default => 0, }; if ($variant > 0) { From 93276b11e3118b9eed33f4936c5592a72d19fdb1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= Date: Tue, 23 Sep 2025 11:33:20 +0200 Subject: [PATCH 3/3] Fully qualify the `sodium_*()` function calls MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This avoids a lookup to see if the functions exist in the `ParagonIE\ConstantTime` namespace and ensures that there is no “userland” fake implementation taking precedence. --- src/Base64.php | 6 +++--- src/Hex.php | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/Base64.php b/src/Base64.php index aed5b87..f9596ce 100644 --- a/src/Base64.php +++ b/src/Base64.php @@ -61,7 +61,7 @@ public static function encode( }; if ($variant > 0) { try { - return sodium_bin2base64($binString, $variant); + return \sodium_bin2base64($binString, $variant); } catch (SodiumException $ex) { throw new RangeException($ex->getMessage(), $ex->getCode(), $ex); } @@ -93,7 +93,7 @@ public static function encodeUnpadded( }; if ($variant > 0) { try { - return sodium_bin2base64($src, $variant); + return \sodium_bin2base64($src, $variant); } catch (SodiumException $ex) { throw new RangeException($ex->getMessage(), $ex->getCode(), $ex); } @@ -207,7 +207,7 @@ public static function decode( }; if ($variant > 0) { try { - return sodium_base642bin($encodedString, $variant); + return \sodium_base642bin($encodedString, $variant); } catch (SodiumException $ex) { throw new RangeException($ex->getMessage(), $ex->getCode(), $ex); } diff --git a/src/Hex.php b/src/Hex.php index 4fa52ed..50f77d1 100644 --- a/src/Hex.php +++ b/src/Hex.php @@ -50,7 +50,7 @@ public static function encode( ): string { if (\extension_loaded('sodium')) { try { - return sodium_bin2hex($binString); + return \sodium_bin2hex($binString); } catch (SodiumException $ex) { throw new RangeException($ex->getMessage(), $ex->getCode(), $ex); } @@ -119,7 +119,7 @@ public static function decode( ): string { if (\extension_loaded('sodium') && $strictPadding) { try { - return sodium_hex2bin($encodedString); + return \sodium_hex2bin($encodedString); } catch (SodiumException $ex) { throw new RangeException($ex->getMessage(), $ex->getCode(), $ex); }